use of org.exist.security.SecurityManager in project exist by eXist-db.
the class StoreResourceTest method prepareDb.
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
final BrokerPool pool = existWebServer.getBrokerPool();
final SecurityManager sm = pool.getSecurityManager();
try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
final Txn transaction = pool.getTransactionManager().beginTransaction()) {
final Collection collection = broker.getOrCreateCollection(transaction, TEST_COLLECTION_URI);
PermissionFactory.chmod(broker, collection, Optional.of(511), Optional.empty());
broker.saveCollection(transaction, collection);
createGroup(broker, sm, GROUP1_NAME);
createUser(broker, sm, USER1_NAME, USER1_PWD, GROUP1_NAME);
createUser(broker, sm, USER2_NAME, USER2_PWD, GROUP1_NAME);
transaction.commit();
}
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class CopyResourceTest method prepareDb.
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
final BrokerPool pool = existWebServer.getBrokerPool();
final SecurityManager sm = pool.getSecurityManager();
try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
final Txn transaction = pool.getTransactionManager().beginTransaction()) {
final Collection collection = broker.getOrCreateCollection(transaction, TEST_COLLECTION_URI);
PermissionFactory.chmod(broker, collection, Optional.of(511), Optional.empty());
broker.saveCollection(transaction, collection);
createGroup(broker, sm, GROUP1_NAME);
createUser(broker, sm, USER1_NAME, USER1_PWD, GROUP1_NAME);
createUser(broker, sm, USER2_NAME, USER2_PWD, GROUP1_NAME);
transaction.commit();
}
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class DigestAuthenticator method authenticate.
@Override
public Subject authenticate(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
final String credentials = request.getHeader("Authorization");
if (credentials == null) {
sendChallenge(request, response);
return null;
}
final Digest digest = new Digest(request.getMethod());
parseCredentials(digest, credentials);
final SecurityManager secman = pool.getSecurityManager();
final AccountImpl user = (AccountImpl) secman.getAccount(digest.username);
if (user == null) {
// If user does not exist then send a challenge request again
if (sendChallenge) {
sendChallenge(request, response);
}
return null;
}
if (!digest.check(user.getDigestPassword())) {
// If password is incorrect then send a challenge request again
if (sendChallenge) {
sendChallenge(request, response);
}
return null;
}
return new SubjectAccreditedImpl(user, this);
}
Aggregations